Ent Credit Union
Information Security Analyst
Ent Credit Union, Colorado Springs, Colorado, United States, 80509
Company Description
Ent Credit Union exists to improve the financial quality of life of the people we serve. This mission drives us every day, but we are more than our mission. We're also individuals using our unique abilities to make our organization, and the communities we serve, better than they were yesterday. We're a not-for-profit that puts people above profits and actively invests in our community. Our rapidly growing team is expanding our reach to serve more people throughout Colorado. To spread our mission far and wide, we need people like you. If you're interested in a paycheck with a purpose, apply with us today. Our people make the difference, and we truly believe you are our greatest asset.
Job Description
The Information Security (Info Sec) group is hiring an Information Security Analyst to support ongoing and new efforts within our area of responsibility. The Info Sec group sits within our Risk department and partners with other departments to protect our networks, systems, data, and digital assets. This Analyst will be part of the team that is responsible for maintaining and enhancing Ent's Information Security program. To understand and work within the Info Sec program, the Analyst will have to become aware of the internal policies, procedures, frameworks, applicable regulations (BSA/AML, NCUA, FFIEC, GLBA). There will also be several software tools the Analyst will need to learn to utilize with minimal supervision. Because Info Sec partners with other departments, the Analyst will be expected to learn how Info Sec interacts within other departments, and work within those partnerships to raise awareness and support for Info Sec activities. However, during any of these activities, there may be an incident, and the Analyst will be expected to assist with the response to the incident.
Essential FunctionsInformation Security Service: Assist in developing, reviewing and updating InfoSec policies as required Assists with the development, presentation, and maintenance of materials for several initiatives, including: phishing simulations, security awareness, incident response, and data loss prevention. Assists InfoSec team in an ad-hoc role to provide research or report writing for relevant security topics.Member of the Data Governance Team: Data Loss Prevention (DLP): Monitors the shared DLP mailbox to quickly respond to users that have DLP related questions Reviews DLP reports to identify trends that will help in policy creation Coordinates and conducts DLP focused meetings Creates training materials for DLP policies Data Classification and Data Catalog: Utilize the Microsoft Purview toolset to configure policies, conduct simulations, and "train" the tool to identify new data types Assist with the cataloging and classification of data Modify and keep the Data Catalog up to date based on new findings and partner feedback.Member of the Information Security Team: Maintains up-to-date knowledge of industry trends and best practices Analyzes and monitors Information Security Key Performance Indicators and Data Organizes meetings, prepares materials, writes meeting minutes, and collects action items; when required, facilitates meetings with minimal supervision Maintains and updates existing reports and creates bespoke reports. Assists and supports the Physical and Cybersecurity Teams with tool administration and documentation Assists with the Vulnerability ProgramMember of the Incident Response Team: Ensures Consistency of Handling Incidents. Contribute to/maintain/improve incident response "playbooks" and related documentation Assists with maintaining Incident Response Program.Bank Secrecy Act: Remains cognizant of and adheres to Ent policies and procedures, and regulations pertaining to the Bank Secrecy Act.Qualifications
Minimum Formal Qualifications for this Position
Associate's Degree in Computer Science, IT Security, Information/Network Security or similar field of study.2+ years' of relevant experience related to IT Security.Bachelor's Degree in Computer Science, IT Security, Information/Network Security or similar field of study (preferred)1+ years' financial industry experience (preferred)Each year of relevant work experience may be exchanged for a year in a relevant degree program or vice versa. For example, a requirement of a bachelor's degree in accounting and 2+ years of account experience could be substituted for a high school diploma and 6 years of relevant accounting work experience or a master's degree in accounting and 0 years of work experience.
Technical or Specialized Knowledge/Skills:
Data: Awareness of data standards (both data exchange and storage), relational database structure, and cloud-based systems. Awareness of these areas combined with interest and demonstrated analytical capability may be considered in lieu of this specific experience.Technical Capabilities: Demonstrated experience in technical capabilities, which includes, but is not limited to: IT systems/data security controls including but not limited to firewalls, IPS/IDS, SIEM, and other security device platforms. Awareness of these areas combined with interest and demonstrated analytical capability may be considered in lieu of this specific experience.Enterprise Work Experience: The ability to understand and navigate a large organization is required for success in this role. The role requires an understanding of different responsibilities and processes by departments, understanding organization wide priorities, timelines for projects, and how to navigate requests to/from partner departments,Microsoft Suite: This role will regularly utilize the Microsoft Suite to create materials to support the efforts of the Info Sec team. Thes could be meeting materials in PowerPoint, policy updates in Word, or analysis of simulation results in Excel. Thus, proficiency with Word, Excel, PowerPoint, Outlook, and Visio is required.Written Communication: This role will have regular communication via email. The ability to tailor a response to clearly and concisely communicated ideas is important. Written Communication - specially via email.Analytical Skills: This role will be tasked with reading and interpreting reports, dashboards, policies, procedures, and frameworks. It is very important that the applicant can assist the team in these analytical tasks with minimal supervision.Interpersonal Soft Skills: This role will have a heavy component of collaboration within the organization. Thus, strong customer service and interpersonal skills are required.Familiarity with industry regulations and best practices such as PCI, GLBA, FFIEC, NIST, ISO 27000, HIPPA, OWASP, SSAE 16/18, SOC2 and the Cloud Security Alliance.Certifications Required:
ISC2 Certified in Cybersecurity (CC) within 1 Year requiredEnvironmental, Physical and Psychological Requirements
Standing - OccasionallyWalking - OccasionallySitting - FrequentlyLifting - Rarely (40 Lbs)Carrying - RarelyPushing - RarelyPulling - RarelyBalancing - RarelyStooping - RarelyKneeling - RarelyCrouching - RarelyCrawling - RarelyReaching - OccasionallyHandling - OccasionallyGrasping - OccasionallyFeeling - OccasionallyTalking - FrequentlyHearing - FrequentlyRepetitive Motions - FrequentlyEye/Hand/Foot Coordination - OccasionallyNoises louder than normal speaking volume - OccasionallyTemperature Changes - RarelyAtmospheric Conditions - Rarely
Additional Information
The pay range for this position is: $34 to $44 per Hour (I14)
Final compensation for this position will be determined by various factors such as relevant work experience, specific skills and competencies, education, certifications, and internal pay equity.
This position is eligible for our corporate bonus program based on company performance.
We anticipate this position to close on 10/16/2024. Please submit your application at your earliest convenience to be considered.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities.
Benefits Summary Sheet - 2024
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)
Videos To Watchhttps://youtu.be/3vl6Is8yY_s
Ent Credit Union exists to improve the financial quality of life of the people we serve. This mission drives us every day, but we are more than our mission. We're also individuals using our unique abilities to make our organization, and the communities we serve, better than they were yesterday. We're a not-for-profit that puts people above profits and actively invests in our community. Our rapidly growing team is expanding our reach to serve more people throughout Colorado. To spread our mission far and wide, we need people like you. If you're interested in a paycheck with a purpose, apply with us today. Our people make the difference, and we truly believe you are our greatest asset.
Job Description
The Information Security (Info Sec) group is hiring an Information Security Analyst to support ongoing and new efforts within our area of responsibility. The Info Sec group sits within our Risk department and partners with other departments to protect our networks, systems, data, and digital assets. This Analyst will be part of the team that is responsible for maintaining and enhancing Ent's Information Security program. To understand and work within the Info Sec program, the Analyst will have to become aware of the internal policies, procedures, frameworks, applicable regulations (BSA/AML, NCUA, FFIEC, GLBA). There will also be several software tools the Analyst will need to learn to utilize with minimal supervision. Because Info Sec partners with other departments, the Analyst will be expected to learn how Info Sec interacts within other departments, and work within those partnerships to raise awareness and support for Info Sec activities. However, during any of these activities, there may be an incident, and the Analyst will be expected to assist with the response to the incident.
Essential FunctionsInformation Security Service: Assist in developing, reviewing and updating InfoSec policies as required Assists with the development, presentation, and maintenance of materials for several initiatives, including: phishing simulations, security awareness, incident response, and data loss prevention. Assists InfoSec team in an ad-hoc role to provide research or report writing for relevant security topics.Member of the Data Governance Team: Data Loss Prevention (DLP): Monitors the shared DLP mailbox to quickly respond to users that have DLP related questions Reviews DLP reports to identify trends that will help in policy creation Coordinates and conducts DLP focused meetings Creates training materials for DLP policies Data Classification and Data Catalog: Utilize the Microsoft Purview toolset to configure policies, conduct simulations, and "train" the tool to identify new data types Assist with the cataloging and classification of data Modify and keep the Data Catalog up to date based on new findings and partner feedback.Member of the Information Security Team: Maintains up-to-date knowledge of industry trends and best practices Analyzes and monitors Information Security Key Performance Indicators and Data Organizes meetings, prepares materials, writes meeting minutes, and collects action items; when required, facilitates meetings with minimal supervision Maintains and updates existing reports and creates bespoke reports. Assists and supports the Physical and Cybersecurity Teams with tool administration and documentation Assists with the Vulnerability ProgramMember of the Incident Response Team: Ensures Consistency of Handling Incidents. Contribute to/maintain/improve incident response "playbooks" and related documentation Assists with maintaining Incident Response Program.Bank Secrecy Act: Remains cognizant of and adheres to Ent policies and procedures, and regulations pertaining to the Bank Secrecy Act.Qualifications
Minimum Formal Qualifications for this Position
Associate's Degree in Computer Science, IT Security, Information/Network Security or similar field of study.2+ years' of relevant experience related to IT Security.Bachelor's Degree in Computer Science, IT Security, Information/Network Security or similar field of study (preferred)1+ years' financial industry experience (preferred)Each year of relevant work experience may be exchanged for a year in a relevant degree program or vice versa. For example, a requirement of a bachelor's degree in accounting and 2+ years of account experience could be substituted for a high school diploma and 6 years of relevant accounting work experience or a master's degree in accounting and 0 years of work experience.
Technical or Specialized Knowledge/Skills:
Data: Awareness of data standards (both data exchange and storage), relational database structure, and cloud-based systems. Awareness of these areas combined with interest and demonstrated analytical capability may be considered in lieu of this specific experience.Technical Capabilities: Demonstrated experience in technical capabilities, which includes, but is not limited to: IT systems/data security controls including but not limited to firewalls, IPS/IDS, SIEM, and other security device platforms. Awareness of these areas combined with interest and demonstrated analytical capability may be considered in lieu of this specific experience.Enterprise Work Experience: The ability to understand and navigate a large organization is required for success in this role. The role requires an understanding of different responsibilities and processes by departments, understanding organization wide priorities, timelines for projects, and how to navigate requests to/from partner departments,Microsoft Suite: This role will regularly utilize the Microsoft Suite to create materials to support the efforts of the Info Sec team. Thes could be meeting materials in PowerPoint, policy updates in Word, or analysis of simulation results in Excel. Thus, proficiency with Word, Excel, PowerPoint, Outlook, and Visio is required.Written Communication: This role will have regular communication via email. The ability to tailor a response to clearly and concisely communicated ideas is important. Written Communication - specially via email.Analytical Skills: This role will be tasked with reading and interpreting reports, dashboards, policies, procedures, and frameworks. It is very important that the applicant can assist the team in these analytical tasks with minimal supervision.Interpersonal Soft Skills: This role will have a heavy component of collaboration within the organization. Thus, strong customer service and interpersonal skills are required.Familiarity with industry regulations and best practices such as PCI, GLBA, FFIEC, NIST, ISO 27000, HIPPA, OWASP, SSAE 16/18, SOC2 and the Cloud Security Alliance.Certifications Required:
ISC2 Certified in Cybersecurity (CC) within 1 Year requiredEnvironmental, Physical and Psychological Requirements
Standing - OccasionallyWalking - OccasionallySitting - FrequentlyLifting - Rarely (40 Lbs)Carrying - RarelyPushing - RarelyPulling - RarelyBalancing - RarelyStooping - RarelyKneeling - RarelyCrouching - RarelyCrawling - RarelyReaching - OccasionallyHandling - OccasionallyGrasping - OccasionallyFeeling - OccasionallyTalking - FrequentlyHearing - FrequentlyRepetitive Motions - FrequentlyEye/Hand/Foot Coordination - OccasionallyNoises louder than normal speaking volume - OccasionallyTemperature Changes - RarelyAtmospheric Conditions - Rarely
Additional Information
The pay range for this position is: $34 to $44 per Hour (I14)
Final compensation for this position will be determined by various factors such as relevant work experience, specific skills and competencies, education, certifications, and internal pay equity.
This position is eligible for our corporate bonus program based on company performance.
We anticipate this position to close on 10/16/2024. Please submit your application at your earliest convenience to be considered.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities.
Benefits Summary Sheet - 2024
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)
Videos To Watchhttps://youtu.be/3vl6Is8yY_s